Merge ~enr0n/ubuntu/+source/openssh:generator-v3 into ubuntu/+source/openssh:ubuntu/devel
- Git
- lp:~enr0n/ubuntu/+source/openssh
- generator-v3
- Merge into ubuntu/devel
Status: | Merged |
---|---|
Merged at revision: | f29f3057cc20e93124eef7e1034d72026601d3f1 |
Proposed branch: | ~enr0n/ubuntu/+source/openssh:generator-v3 |
Merge into: | ubuntu/+source/openssh:ubuntu/devel |
Diff against target: |
1585 lines (+572/-621) 29 files modified
debian/README.Debian (+12/-13) debian/changelog (+27/-0) debian/control (+1/-0) debian/openssh-server.install (+2/-0) debian/openssh-server.postinst (+27/-171) debian/openssh-server.postrm (+0/-4) debian/openssh-server.templates (+0/-12) debian/openssh-server.ucf-md5sum (+6/-0) debian/patches/series (+1/-1) debian/patches/sshd-socket-generator.patch (+363/-0) debian/po/cs.po (+1/-26) debian/po/da.po (+1/-26) debian/po/de.po (+1/-26) debian/po/es.po (+1/-26) debian/po/fr.po (+1/-26) debian/po/it.po (+1/-26) debian/po/ja.po (+1/-26) debian/po/nl.po (+1/-26) debian/po/pt.po (+1/-26) debian/po/pt_BR.po (+1/-26) debian/po/ru.po (+3/-28) debian/po/sv.po (+1/-26) debian/po/templates.pot (+2/-27) debian/po/tr.po (+2/-27) debian/rules (+1/-1) debian/systemd/ssh.socket (+3/-1) debian/tests/control (+6/-0) debian/tests/sshd-socket-generator (+105/-0) dev/null (+0/-50) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Steve Langasek (community) | Approve | ||
Review via email: mp+460543@code.launchpad.net |
Commit message
Description of the change
Add sshd-socket-
Steve Langasek (vorlon) : | # |
Nick Rosbrook (enr0n) wrote : | # |
Nick Rosbrook (enr0n) wrote : | # |
And pushed new changes.
Steve Langasek (vorlon) wrote : | # |
Thanks, you've addressed the fails-to-
I can't think of any other blockers for this to be an unconditional switch to socket activation as multiple listen addresses was the only case where we didn't already do the upgrade automatically.
I'm going to tag in Robie from server for an additional review since he had good feedback on the first iteration of this and would be a good second set of eyes.
I have not done an in-depth review of the C code. Do you want that from me here?
Nick Rosbrook (enr0n) wrote : | # |
> I have not done an in-depth review of the C code. Do you want that from me
> here?
The more review the better, but I understand your time is valuable :D
Nick Rosbrook (enr0n) : | # |
Steve Langasek (vorlon) wrote : | # |
Marking approved, others in the team can also review C code if you need it (and I know Debian upstream will give you a solid review when you forward this)
Preview Diff
1 | diff --git a/debian/README.Debian b/debian/README.Debian |
2 | index 8067852..70c588f 100644 |
3 | --- a/debian/README.Debian |
4 | +++ b/debian/README.Debian |
5 | @@ -186,27 +186,26 @@ Socket-based activation with systemd |
6 | |
7 | By default, socket-based activation is used on systems that use systemd. |
8 | |
9 | -The provided ssh.socket unit file sets ListenStream=22. If you need to have |
10 | -it listen on a different address or port, then you will need to do this as |
11 | -follows (modifying ListenStream to match your requirements): |
12 | - |
13 | - mkdir -p /etc/systemd/system/ssh.socket.d |
14 | - cat >/etc/systemd/system/ssh.socket.d/listen.conf <<EOF |
15 | - [Socket] |
16 | - ListenStream=2222 |
17 | - EOF |
18 | +The provided ssh.socket unit file sets ListenStream=22. A systemd generator, |
19 | +sshd-socket-generator, parses the sshd configuration and, if non-default |
20 | +ListenAddress(s) or Port(s) are configured, generates corresponding |
21 | +ListenStream= lines in a drop-in configration file for ssh.socket. To change |
22 | +the port or address ssh.socket is listening on, edit /etc/ssh/sshd_config (or |
23 | +add a drop-in file to /etc/ssh/sshd_config.d/) as usual and then run: |
24 | + |
25 | systemctl daemon-reload |
26 | systemctl restart ssh.socket |
27 | |
28 | See systemd.socket(5) for details. |
29 | |
30 | If you do not want to use socket activation for ssh on your system, you |
31 | -can disable socket activation by running: |
32 | +can disable socket activation by masking the generator and re-enabling |
33 | +ssh.service: |
34 | |
35 | - systemctl disable --now ssh.socket |
36 | - rm -f /etc/systemd/system/ssh.service.d/00-socket.conf |
37 | - rm -f /etc/systemd/system/ssh.socket.d/addresses.conf |
38 | + mkdir -p /etc/systemd/system-generators/ |
39 | + ln -s /dev/null /etc/systemd/system-generators/sshd-socket-generator |
40 | systemctl daemon-reload |
41 | + systemctl disable --now ssh.socket |
42 | systemctl enable --now ssh.service |
43 | |
44 | Terminating SSH sessions cleanly on shutdown/reboot with systemd |
45 | diff --git a/debian/changelog b/debian/changelog |
46 | index eaaedcc..68dc34f 100644 |
47 | --- a/debian/changelog |
48 | +++ b/debian/changelog |
49 | @@ -1,3 +1,30 @@ |
50 | +openssh (1:9.6p1-3ubuntu3) noble; urgency=medium |
51 | + |
52 | + * Add sshd-socket-generator to generate ssh.socket drop-in configuration |
53 | + instead of doing one-time generation on package upgrade: |
54 | + - debian/control: Build-Depends: systemd-dev |
55 | + - d/p/sshd-socket-generator.patch: add generator for socket activation |
56 | + - debian/openssh-server.install: install sshd-socket-generator |
57 | + - debian/openssh-server.postinst: handle migration to sshd-socket-generator |
58 | + - d/t/sshd-socket-generator: add dep8 test for sshd-socket-generator |
59 | + - ssh.socket: adjust unit for socket activation by default |
60 | + - debian/README.Debian: update ssh.socket documentation |
61 | + - debian/rules: explicitly enable LTO |
62 | + The armhf build was not using LTO, which made sshd-socket-generator FTBFS. |
63 | + This change ensures that all arches are using LTO. |
64 | + * Drop the following changes related to previous ssh socket activation approach: |
65 | + - debian/openssh-server.postrm: remove systemd drop-ins for |
66 | + socket-activated sshd on purge |
67 | + - debian/openssh-server.templates: include debconf prompt explaining |
68 | + when migration cannot happen due to multiple ListenAddress values |
69 | + - debian/openssh-server.postinst: handle migration of sshd_config options |
70 | + to systemd socket options on upgrade. |
71 | + - debian/patches/socket-activation-documentation.patch: Document in |
72 | + sshd_config(5) that ListenAddress and Port no longer work. |
73 | + * debian/openssh-server.ucf-md5sum: update for new Ubuntu delta |
74 | + |
75 | + -- Nick Rosbrook <enr0n@ubuntu.com> Wed, 21 Feb 2024 12:51:30 -0500 |
76 | + |
77 | openssh (1:9.6p1-3ubuntu2) noble; urgency=medium |
78 | |
79 | [ Marco Trevisan (Treviño) ] |
80 | diff --git a/debian/control b/debian/control |
81 | index e93b516..58e9a89 100644 |
82 | --- a/debian/control |
83 | +++ b/debian/control |
84 | @@ -20,6 +20,7 @@ Build-Depends: debhelper (>= 13.1~), |
85 | libwrap0-dev | libwrap-dev, |
86 | pkg-config, |
87 | zlib1g-dev, |
88 | + systemd-dev, |
89 | Standards-Version: 4.6.2 |
90 | Uploaders: Colin Watson <cjwatson@debian.org>, |
91 | Matthew Vernon <matthew@debian.org>, |
92 | diff --git a/debian/openssh-server.install b/debian/openssh-server.install |
93 | index cf86dce..9942604 100755 |
94 | --- a/debian/openssh-server.install |
95 | +++ b/debian/openssh-server.install |
96 | @@ -19,3 +19,5 @@ debian/systemd/ssh-session-cleanup usr/lib/openssh |
97 | # dh_apport would be neater, but at the time of writing it isn't in unstable |
98 | # yet. |
99 | debian/openssh-server.apport => usr/share/apport/package-hooks/openssh-server.py |
100 | + |
101 | +usr/lib/systemd/system-generators/sshd-socket-generator |
102 | diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst |
103 | index cb9a301..251f11c 100644 |
104 | --- a/debian/openssh-server.postinst |
105 | +++ b/debian/openssh-server.postinst |
106 | @@ -17,87 +17,6 @@ get_config_option() { |
107 | /usr/sbin/sshd -G | sed -n "s/^$option //Ip" |
108 | } |
109 | |
110 | -get_config_option_all() { |
111 | - option="$1" |
112 | - file="$2" |
113 | - |
114 | - if [ -z "$file" ]; then |
115 | - file=/etc/ssh/sshd_config |
116 | - fi |
117 | - |
118 | - [ -f "$file" ] || return 0 |
119 | - # ListenAddress and Port only take a single word argument so anything |
120 | - # after this must be a comment |
121 | - while read option2 value junk; do |
122 | - case $option2 in |
123 | - $option) |
124 | - echo $value |
125 | - ;; |
126 | - Include) |
127 | - # globs |
128 | - for f in $value; do |
129 | - get_config_option_all "$option" "$f" |
130 | - done |
131 | - ;; |
132 | - esac |
133 | - done < $file |
134 | -} |
135 | - |
136 | -hostnames_to_addresses() { |
137 | - addresses="$1" |
138 | - for address in $addresses; do |
139 | - address_no_port="$(address_strip_port $address)" |
140 | - if echo "$address_no_port" | grep -q '^[0-9a-f:]\+$\|^[0-9.]\+$'; then |
141 | - numeric_addresses="$numeric_addresses $address" |
142 | - else |
143 | - new_addresses=$( (getent ahostsv4 $address_no_port; |
144 | - getent ahostsv6 $address_no_port) \ |
145 | - | awk '$1 ~ /^::ffff:/ || $2 != "STREAM" { next; } |
146 | - $1 ~ /:/ { print "[" $1 "]"; next; } |
147 | - { print $1 }' \ |
148 | - | sort -u) |
149 | - port="$(port_from_address $address)" |
150 | - if [ -n "$port" ]; then |
151 | - new_addresses="$(for addr in $new_addresses; do echo $addr:$port; done)" |
152 | - fi |
153 | - numeric_addresses="$numeric_addresses $new_addresses" |
154 | - fi |
155 | - done |
156 | - echo "$numeric_addresses" |
157 | -} |
158 | - |
159 | -port_from_address() { |
160 | - address="$1" |
161 | - if echo $address | grep -q '^\[[0-9a-f:]*\]:'; then |
162 | - # This is an IPv6 address with a port. |
163 | - port="$(echo $address | awk -F':' '{print $NF}')" |
164 | - elif echo $address | grep -q '^\[[0-9a-f:]*\]\+$\|^[0-9a-f:]\+$'; then |
165 | - # This is an IPv6 address without a port. |
166 | - port="" |
167 | - else |
168 | - # This is an IPv4 address or hostname, where the port |
169 | - # may or may not be specified. |
170 | - port="$(echo $address | awk -F':' '{print $2}')" |
171 | - fi |
172 | - echo "$port" |
173 | -} |
174 | - |
175 | -address_strip_port() { |
176 | - address="$1" |
177 | - if echo $address | grep -q '^\[[0-9a-f:]*\]\(:\|$\)'; then |
178 | - # This is an IPv6 address in brackets, with or without a port. |
179 | - address_no_port="$(echo $address | awk -F '[][]' '{print $2}')" |
180 | - elif echo $address | grep -q '^[0-9a-f:]\+$'; then |
181 | - # This is an IPv6 address with no brackets and no port. |
182 | - address_no_port="$address" |
183 | - else |
184 | - # This is an IPv4 address or hostname, where the port |
185 | - # may or may not be specified. |
186 | - address_no_port="$(echo $address | awk -F':' '{print $1}')" |
187 | - fi |
188 | - echo "$address_no_port" |
189 | -} |
190 | - |
191 | |
192 | create_key() { |
193 | msg="$1" |
194 | @@ -211,102 +130,39 @@ if [ "$action" = configure ]; then |
195 | # which we now move back into place. |
196 | mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli |
197 | fi |
198 | - if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~ |
199 | - then |
200 | - # migrate to systemd socket activation. |
201 | - addresses=$(get_config_option_all ListenAddress) |
202 | - addresses=$(hostnames_to_addresses "$addresses") |
203 | - ports=$(get_config_option_all Port) |
204 | - if [ -n "$addresses$ports" ] |
205 | - then |
206 | - override_dir=/etc/systemd/system/ssh.socket.d |
207 | - mkdir -p "$override_dir" |
208 | - echo '[Socket]' > "$override_dir"/addresses.conf.new |
209 | - echo 'ListenStream=' >> "$override_dir"/addresses.conf.new |
210 | - fi |
211 | - if [ -n "$addresses" ]; then |
212 | - [ -n "$ports" ] || ports=22 |
213 | - count=0 |
214 | - for address in $addresses; do |
215 | - count=$((count+1)) |
216 | - port_from_address="$(port_from_address $address)" |
217 | - if [ -z "$port_from_address" ]; then |
218 | - for port in $ports; do |
219 | - echo "ListenStream=$address:$port" \ |
220 | - >> "$override_dir"/addresses.conf.new |
221 | - done |
222 | - else |
223 | - echo "ListenStream=$address" \ |
224 | - >> "$override_dir"/addresses.conf.new |
225 | - fi |
226 | - done |
227 | - if [ $count -gt 1 ]; then |
228 | - db_input critical openssh-server/listenstream-may-fail || true |
229 | - db_go || true |
230 | - rm -f "$override_dir"/addresses.conf.new |
231 | - rmdir --ignore-fail-on-non-empty "$override_dir" |
232 | - NO_SOCKET_MIGRATION=1 |
233 | - fi |
234 | - elif [ -n "$ports" ]; then |
235 | - for port in $ports; do |
236 | - echo "ListenStream=$port" \ |
237 | - >> "$override_dir"/addresses.conf.new |
238 | - done |
239 | - fi |
240 | - |
241 | - if [ -z "$NO_SOCKET_MIGRATION" ] && [ -n "$addresses$ports" ] |
242 | - then |
243 | - mv "$override_dir"/addresses.conf.new \ |
244 | - "$override_dir"/addresses.conf |
245 | - fi |
246 | - fi |
247 | - if dpkg --compare-versions "$2" lt 1:9.0p1-1ubuntu5~; then |
248 | - if [ -z "$NO_SOCKET_MIGRATION" ]; then |
249 | - override_dir=/etc/systemd/system/ssh.service.d |
250 | - mkdir -p "$override_dir" |
251 | - echo '[Unit]' > "$override_dir"/00-socket.conf |
252 | - echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf |
253 | - echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf |
254 | - |
255 | - # deb-systemd-helper is inadequate for the task of |
256 | - # changing policy for the units on upgrade |
257 | - if [ -d /run/systemd/system ]; then |
258 | - systemctl daemon-reload |
259 | - systemctl disable ssh.service |
260 | - systemctl unmask ssh.service |
261 | - systemctl stop ssh.service |
262 | - systemctl enable ssh.socket |
263 | - fi |
264 | - fi |
265 | - fi |
266 | - |
267 | - # Revert socket migration if we can determine the user hit |
268 | - # LP: #1993478. |
269 | - if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \ |
270 | - && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \ |
271 | - && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \ |
272 | - && [ -n "$NO_SOCKET_MIGRATION" ]; then |
273 | - rm /etc/systemd/system/ssh.socket.d/addresses.conf |
274 | - rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d |
275 | - rm /etc/systemd/system/ssh.service.d/00-socket.conf |
276 | - rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d |
277 | - if [ -d /run/systemd/system ]; then |
278 | - systemctl daemon-reload |
279 | - systemctl disable ssh.socket |
280 | - systemctl stop ssh.socket |
281 | - systemctl enable ssh.service |
282 | - fi |
283 | + if dpkg --compare-versions "$2" lt-nl 1:9.6p1-3ubuntu3~; then |
284 | + # Remove old socket activation drop-in configurations, if they exist. |
285 | + if [ -d /etc/systemd/system/ssh.socket.d ]; then |
286 | + rm -f /etc/systemd/system/ssh.socket.d/addresses.conf |
287 | + rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d |
288 | + fi |
289 | + if [ -d /etc/systemd/system/ssh.service.d ]; then |
290 | + rm -f /etc/systemd/system/ssh.service.d/00-socket.conf |
291 | + rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d |
292 | + fi |
293 | + if [ -d /run/systemd/system ]; then |
294 | + # Make sure ssh.service is disabled. |
295 | + systemctl unmask ssh.service |
296 | + systemctl disable --now ssh.service > /dev/null 2>&1 |
297 | + |
298 | + # sshd-socket-generator is invoked on daemon-reload. |
299 | + systemctl daemon-reload |
300 | + systemctl enable ssh.socket |
301 | + fi |
302 | fi |
303 | fi |
304 | |
305 | #DEBHELPER# |
306 | |
307 | if [ -d /run/systemd/system ]; then |
308 | - if deb-systemd-helper --quiet was-enabled ssh.socket; then |
309 | - deb-systemd-invoke restart ssh.socket |
310 | - elif deb-systemd-helper --quiet was-enabled ssh.service; then |
311 | - deb-systemd-invoke restart ssh.service |
312 | - fi |
313 | + # sshd-socket-generator is invoked on daemon-reload. |
314 | + systemctl daemon-reload |
315 | + |
316 | + if deb-systemd-helper --quiet was-enabled ssh.socket; then |
317 | + deb-systemd-invoke restart ssh.socket |
318 | + elif deb-systemd-helper --quiet was-enabled ssh.service; then |
319 | + deb-systemd-invoke restart ssh.service |
320 | + fi |
321 | fi |
322 | |
323 | db_stop |
324 | diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm |
325 | index 46798dd..fbaeb17 100644 |
326 | --- a/debian/openssh-server.postrm |
327 | +++ b/debian/openssh-server.postrm |
328 | @@ -23,10 +23,6 @@ case $1 in |
329 | if command -v ucfr >/dev/null 2>&1; then |
330 | ucfr --purge openssh-server /etc/ssh/sshd_config |
331 | fi |
332 | - rm -f /etc/systemd/system/ssh.service.d/00-socket.conf |
333 | - rm -f /etc/systemd/system/ssh.socket.d/addresses.conf |
334 | - rmdir /etc/systemd/system/ssh.service.d || true |
335 | - rmdir /etc/systemd/system/ssh.socket.d || true |
336 | rm -f /etc/ssh/sshd_not_to_be_run |
337 | [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh |
338 | |
339 | diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates |
340 | index 31f2935..e071fe3 100644 |
341 | --- a/debian/openssh-server.templates |
342 | +++ b/debian/openssh-server.templates |
343 | @@ -21,15 +21,3 @@ Description: Allow password authentication? |
344 | By default, the SSH server will allow authenticating using a password. |
345 | You may want to change this if all users on this system authenticate using |
346 | a stronger authentication method, such as public keys. |
347 | - |
348 | -Template: openssh-server/listenstream-may-fail |
349 | -Type: error |
350 | -_Description: Not migrating to socket activation |
351 | - This version of openssh-server uses socket-based activation by default. |
352 | - However, because you have more than one ListenAddress configured in |
353 | - sshd_config, it is impossible to determine at upgrade time if migrating |
354 | - you to socket-based activation would cause the starting of sshd at boot |
355 | - to be unreliable. |
356 | - . |
357 | - Because a failure to start ssh may make it impossible to admininister a |
358 | - system, you will not be migrated to socket-based activation at this time. |
359 | diff --git a/debian/openssh-server.ucf-md5sum b/debian/openssh-server.ucf-md5sum |
360 | index 9a8efb6..b2c0ac3 100644 |
361 | --- a/debian/openssh-server.ucf-md5sum |
362 | +++ b/debian/openssh-server.ucf-md5sum |
363 | @@ -132,3 +132,9 @@ fac56840f6697a357368bb878dd8fb87 |
364 | d01da8c9de75176095712d4e37d5dcd5 |
365 | e4898846045f33b8d99d3263d6f6fd81 |
366 | ec46dc59ba9c9e9458add405264fcedd |
367 | + |
368 | +# From 1:9.6p1-3ubuntu3 |
369 | +b8e751f62cf86a18bc30cdaae494b03f |
370 | +b89c8626d43128cdb233536439e00566 |
371 | +5f589fb3658df8cb7cce8505cf821e40 |
372 | +8d7588b06f81ef23bea8d84442af8e68 |
373 | diff --git a/debian/patches/series b/debian/patches/series |
374 | index aba5430..3d5c5c8 100644 |
375 | --- a/debian/patches/series |
376 | +++ b/debian/patches/series |
377 | @@ -26,10 +26,10 @@ maxhostnamelen.patch |
378 | conch-ssh-rsa.patch |
379 | systemd-socket-activation.patch |
380 | broken-zero-call-used-regs.patch |
381 | -socket-activation-documentation.patch |
382 | test-set-UsePAM-no-on-some-tests.patch |
383 | auth-Add-KbdintResult-definition-to-define-result-values-.patch |
384 | auth-pam-Add-an-enum-to-define-the-PAM-done-status.patch |
385 | auth-pam-Add-debugging-information-when-we-receive-PAM-me.patch |
386 | auth-pam-Immediately-report-interactive-instructions-to-c.patch |
387 | sshconnect2-Write-kbd-interactive-service-info-and-instru.patch |
388 | +sshd-socket-generator.patch |
389 | diff --git a/debian/patches/socket-activation-documentation.patch b/debian/patches/socket-activation-documentation.patch |
390 | deleted file mode 100644 |
391 | index 9afde55..0000000 |
392 | --- a/debian/patches/socket-activation-documentation.patch |
393 | +++ /dev/null |
394 | @@ -1,50 +0,0 @@ |
395 | -Index: openssh-9.0p1/sshd_config.5 |
396 | -=================================================================== |
397 | ---- openssh-9.0p1.orig/sshd_config.5 |
398 | -+++ openssh-9.0p1/sshd_config.5 |
399 | -@@ -1069,6 +1069,15 @@ |
400 | - Multiple |
401 | - .Cm ListenAddress |
402 | - options are permitted. |
403 | -+.Pp |
404 | -+.Cm Note: |
405 | -+On Ubuntu, the openssh-server package is configured to use systemd |
406 | -+socket-based activation by default. Therefore if you are using systemd with |
407 | -+the default configuration, |
408 | -+.Cm ListenAddress |
409 | -+options will not be honored. Address configuration must be handled in |
410 | -+.Pa /etc/systemd/system/ssh.socket.d |
411 | -+instead. |
412 | - .It Cm LoginGraceTime |
413 | - The server disconnects after this time if the user has not |
414 | - successfully logged in. |
415 | -@@ -1520,6 +1529,15 @@ |
416 | - Multiple options of this type are permitted. |
417 | - See also |
418 | - .Cm ListenAddress . |
419 | -+.Pp |
420 | -+.Cm Note: |
421 | -+On Ubuntu, the openssh-server package is configured to use systemd |
422 | -+socket-based activation by default. Therefore if you are using systemd with |
423 | -+the default configuration, |
424 | -+.Cm Port |
425 | -+options will not be honored. Address configuration must be handled in |
426 | -+.Pa /etc/systemd/system/ssh.socket.d |
427 | -+instead. |
428 | - .It Cm PrintLastLog |
429 | - Specifies whether |
430 | - .Xr sshd 8 |
431 | -Index: openssh-9.0p1/sshd_config |
432 | -=================================================================== |
433 | ---- openssh-9.0p1.orig/sshd_config |
434 | -+++ openssh-9.0p1/sshd_config |
435 | -@@ -12,6 +12,9 @@ |
436 | - |
437 | - Include /etc/ssh/sshd_config.d/*.conf |
438 | - |
439 | -+# Port and ListenAddress options are not used when sshd is socket-activated, |
440 | -+# which is now the default in Ubuntu. See sshd_config(5) and |
441 | -+# /usr/share/doc/openssh-server/README.Debian.gz for details. |
442 | - #Port 22 |
443 | - #AddressFamily any |
444 | - #ListenAddress 0.0.0.0 |
445 | diff --git a/debian/patches/sshd-socket-generator.patch b/debian/patches/sshd-socket-generator.patch |
446 | new file mode 100644 |
447 | index 0000000..ae3692c |
448 | --- /dev/null |
449 | +++ b/debian/patches/sshd-socket-generator.patch |
450 | @@ -0,0 +1,363 @@ |
451 | +--- /dev/null |
452 | ++++ b/sshd-socket-generator.c |
453 | +@@ -0,0 +1,290 @@ |
454 | ++#include <errno.h> |
455 | ++#include <linux/limits.h> |
456 | ++#include <netdb.h> |
457 | ++#include <stdbool.h> |
458 | ++#include <stdio.h> |
459 | ++#include <stdlib.h> |
460 | ++#include <string.h> |
461 | ++#include <sys/socket.h> |
462 | ++#include <sys/stat.h> |
463 | ++#include <sys/types.h> |
464 | ++ |
465 | ++#include "includes.h" |
466 | ++ |
467 | ++#include "hostfile.h" /* Needs to be included before auth.h */ |
468 | ++#include "auth.h" |
469 | ++#include "kex.h" |
470 | ++#include "log.h" |
471 | ++#include "misc.h" |
472 | ++#include "monitor.h" |
473 | ++#include "ssh-gss.h" /* Needs to be included before monitor_wrap.h */ |
474 | ++#include "monitor_wrap.h" |
475 | ++#include "pathnames.h" |
476 | ++#include "servconf.h" |
477 | ++#include "sshbuf.h" |
478 | ++ |
479 | ++#define MAX_LISTEN_STREAMS (16) |
480 | ++#define MAX_LISTEN_STREAM_LEN (NI_MAXHOST + NI_MAXSERV + sizeof("ListenAddress=[:]") + 1) |
481 | ++typedef char listen_stream_set[MAX_LISTEN_STREAMS][MAX_LISTEN_STREAM_LEN]; |
482 | ++ |
483 | ++/* Global variables required for sshd config parsing. */ |
484 | ++ServerOptions options = {}; |
485 | ++struct sshbuf *cfg = NULL; |
486 | ++struct include_list includes = TAILQ_HEAD_INITIALIZER(includes); |
487 | ++ |
488 | ++/* Other global variables that are required for this to build, because of their |
489 | ++ * use throughout the codebase. We do NOT use these variables for the |
490 | ++ * generator. */ |
491 | ++Authctxt *the_authctxt = NULL; |
492 | ++int privsep_is_preauth = 1; |
493 | ++int use_privsep = -1; |
494 | ++struct monitor *pmonitor = NULL; |
495 | ++struct ssh *the_active_state = NULL; |
496 | ++struct sshauthopt *auth_opts = NULL; |
497 | ++struct sshbuf *loginmsg = NULL; |
498 | ++ |
499 | ++static int listen_stream_set_append(listen_stream_set set, const char *listen_stream) { |
500 | ++ size_t n; |
501 | ++ |
502 | ++ if (!set) |
503 | ++ return -EINVAL; |
504 | ++ |
505 | ++ n = strnlen(listen_stream, MAX_LISTEN_STREAM_LEN); |
506 | ++ if (n == MAX_LISTEN_STREAM_LEN) |
507 | ++ return -EINVAL; |
508 | ++ |
509 | ++ for (int i = 0; i < MAX_LISTEN_STREAMS; i++) { |
510 | ++ if (strcmp(set[i], listen_stream) == 0) |
511 | ++ return 0; |
512 | ++ |
513 | ++ if (strnlen(set[i], MAX_LISTEN_STREAM_LEN) > 0) |
514 | ++ continue; |
515 | ++ |
516 | ++ memcpy(set[i], listen_stream, n); |
517 | ++ |
518 | ++ return 0; |
519 | ++ } |
520 | ++ |
521 | ++ return -E2BIG; |
522 | ++} |
523 | ++ |
524 | ++static int listen_stream_set_len(listen_stream_set set) { |
525 | ++ int r = 0; |
526 | ++ |
527 | ++ if (!set) |
528 | ++ return 0; |
529 | ++ |
530 | ++ for (int i = 0; i < MAX_LISTEN_STREAMS; i++) { |
531 | ++ if (strnlen(set[i], MAX_LISTEN_STREAM_LEN) > 0) |
532 | ++ r++; |
533 | ++ else |
534 | ++ break; |
535 | ++ } |
536 | ++ |
537 | ++ return r; |
538 | ++} |
539 | ++ |
540 | ++static char *path_append(const char *base, const char *append) { |
541 | ++ bool add_slash; |
542 | ++ size_t n = 0, len_base, len_append; |
543 | ++ char *path = NULL; |
544 | ++ |
545 | ++ len_base = strnlen(base, PATH_MAX); |
546 | ++ len_append = strnlen(append, PATH_MAX); |
547 | ++ add_slash = base[len_base - 1] != '/'; |
548 | ++ |
549 | ++ path = calloc(len_base + len_append + (add_slash ? 2 : 1), sizeof(char)); |
550 | ++ if (!path) |
551 | ++ return NULL; |
552 | ++ |
553 | ++ memcpy(path, base, len_base); |
554 | ++ n += len_base; |
555 | ++ |
556 | ++ if (add_slash) |
557 | ++ path[n++] = '/'; |
558 | ++ |
559 | ++ memcpy(path + n, append, len_append); |
560 | ++ n += len_append; |
561 | ++ path[n] = '\0'; |
562 | ++ |
563 | ++ return path; |
564 | ++} |
565 | ++ |
566 | ++static int fflush_and_check(FILE *f) { |
567 | ++ errno = 0; |
568 | ++ fflush(f); |
569 | ++ |
570 | ++ if (ferror(f)) |
571 | ++ return errno > 0 ? -errno : -EIO; |
572 | ++ |
573 | ++ return 0; |
574 | ++} |
575 | ++ |
576 | ++static int write_systemd_socket_file(const char *destdir) { |
577 | ++ listen_stream_set listen_streams = {}; |
578 | ++ int num_listen_streams; |
579 | ++ char *conf = NULL, *overridedir = NULL; |
580 | ++ FILE *f = NULL; |
581 | ++ int r; |
582 | ++ |
583 | ++ overridedir = path_append(destdir, "ssh.socket.d"); |
584 | ++ if (!overridedir) { |
585 | ++ r = -ENOMEM; |
586 | ++ goto out; |
587 | ++ } |
588 | ++ |
589 | ++ if (mkdir(overridedir, 0755) < 0 && errno != EEXIST) { |
590 | ++ r = -errno; |
591 | ++ goto out; |
592 | ++ } |
593 | ++ |
594 | ++ conf = path_append(overridedir, "addresses.conf"); |
595 | ++ if (!conf) { |
596 | ++ r = -ENOMEM; |
597 | ++ goto out; |
598 | ++ } |
599 | ++ |
600 | ++ f = fopen(conf, "we"); |
601 | ++ if (!f) { |
602 | ++ r = -errno; |
603 | ++ goto out; |
604 | ++ } |
605 | ++ |
606 | ++ fprintf(f, |
607 | ++ "# Automatically generated by sshd-socket-generator\n" |
608 | ++ "\n[Socket]\n" |
609 | ++ "ListenStream=\n"); |
610 | ++ |
611 | ++ for (u_int i = 0; i < options.num_listen_addrs; i++) { |
612 | ++ for (struct addrinfo *ai = options.listen_addrs[i].addrs; ai; ai = ai->ai_next) { |
613 | ++ char addr[NI_MAXHOST] = {}, port[NI_MAXSERV] = {}, |
614 | ++ listen_stream[MAX_LISTEN_STREAM_LEN] = {}; |
615 | ++ |
616 | ++ r = getnameinfo(ai->ai_addr, ai->ai_addrlen, |
617 | ++ addr, sizeof(addr), |
618 | ++ port, sizeof(port), |
619 | ++ NI_NUMERICHOST|NI_NUMERICSERV); |
620 | ++ if (r != 0) { |
621 | ++ fprintf(stderr, "%s\n", gai_strerror(r)); |
622 | ++ r = r == EAI_SYSTEM ? -errno : -EINVAL; |
623 | ++ goto out; |
624 | ++ } |
625 | ++ |
626 | ++ if (strcmp(addr, "0.0.0.0") == 0 || strcmp(addr, "::") == 0) { |
627 | ++ if (strcmp(port, "22") == 0) |
628 | ++ /* No need to override. This is the |
629 | ++ * default in ssh.socket. */ |
630 | ++ continue; |
631 | ++ |
632 | ++ /* If ListenAddress is 0.0.0.0 or ::, only |
633 | ++ * write the port in ListenStream=. */ |
634 | ++ snprintf(listen_stream, |
635 | ++ MAX_LISTEN_STREAM_LEN, |
636 | ++ "ListenStream=%s", |
637 | ++ port); |
638 | ++ } else |
639 | ++ snprintf(listen_stream, |
640 | ++ MAX_LISTEN_STREAM_LEN, |
641 | ++ "ListenStream=%s%s%s:%s", |
642 | ++ ai->ai_family == AF_INET6 ? "[" : "", |
643 | ++ addr, |
644 | ++ ai->ai_family == AF_INET6 ? "]" : "", |
645 | ++ port); |
646 | ++ |
647 | ++ r = listen_stream_set_append(listen_streams, listen_stream); |
648 | ++ if (r < 0) |
649 | ++ goto out; |
650 | ++ } |
651 | ++ } |
652 | ++ |
653 | ++ num_listen_streams = listen_stream_set_len(listen_streams); |
654 | ++ |
655 | ++ if (num_listen_streams <= 0) { |
656 | ++ /* We didn't generate anything useful, so clean up and leave |
657 | ++ * ssh.socket as-is. */ |
658 | ++ r = -ENODATA; |
659 | ++ goto out; |
660 | ++ } |
661 | ++ |
662 | ++ for (int i = 0; i < num_listen_streams; i++) |
663 | ++ fprintf(f, "%s\n", listen_streams[i]); |
664 | ++ |
665 | ++ r = fflush_and_check(f); |
666 | ++ if (r < 0) |
667 | ++ goto out; |
668 | ++ |
669 | ++out: |
670 | ++ if (f) |
671 | ++ fclose(f); |
672 | ++ |
673 | ++ if (r < 0) { |
674 | ++ (void) remove(conf); |
675 | ++ (void) remove(overridedir); |
676 | ++ } |
677 | ++ |
678 | ++ free(overridedir); |
679 | ++ free(conf); |
680 | ++ |
681 | ++ return r; |
682 | ++} |
683 | ++ |
684 | ++static int parse_sshd_config_options() { |
685 | ++ struct connection_info *connection_info; |
686 | ++ |
687 | ++ cfg = sshbuf_new(); |
688 | ++ if (!cfg) |
689 | ++ return -ENOMEM; |
690 | ++ |
691 | ++ initialize_server_options(&options); |
692 | ++ load_server_config(_PATH_SERVER_CONFIG_FILE, cfg); |
693 | ++ parse_server_config(&options, _PATH_SERVER_CONFIG_FILE, cfg, &includes, NULL, 0); |
694 | ++ fill_default_server_options(&options); |
695 | ++ |
696 | ++ connection_info = get_connection_info(NULL, 0, 0); |
697 | ++ connection_info->test = 1; |
698 | ++ |
699 | ++ parse_server_match_config(&options, &includes, connection_info); |
700 | ++ |
701 | ++ return 0; |
702 | ++} |
703 | ++ |
704 | ++int main(int argc, char **argv) { |
705 | ++ const char *destdir = NULL; |
706 | ++ int r; |
707 | ++ |
708 | ++ if (argc < 2) { |
709 | ++ fprintf(stderr, "Expected at least one argument.\n"); |
710 | ++ |
711 | ++ return EXIT_FAILURE; |
712 | ++ } |
713 | ++ |
714 | ++ destdir = argv[1]; |
715 | ++ |
716 | ++ r = parse_sshd_config_options(); |
717 | ++ if (r < 0) { |
718 | ++ fprintf(stderr, "Faild to parse sshd config: %s\n", strerror(-r)); |
719 | ++ |
720 | ++ return EXIT_FAILURE; |
721 | ++ } |
722 | ++ |
723 | ++ if (options.num_listen_addrs <= 0) { |
724 | ++ /* No listen addresses configured? Don't generate anything. */ |
725 | ++ fprintf(stderr, "No listen addresses configured. Will not generate anything.\n"); |
726 | ++ |
727 | ++ return EXIT_SUCCESS; |
728 | ++ } |
729 | ++ |
730 | ++ r = write_systemd_socket_file(destdir); |
731 | ++ if (r == -ENODATA) { |
732 | ++ fprintf(stderr, "No custom listen addresses configured. Will not generated anything.\n"); |
733 | ++ |
734 | ++ return EXIT_SUCCESS; |
735 | ++ } |
736 | ++ if (r < 0) { |
737 | ++ fprintf(stderr, "Failed to generate ssh.socket: %s\n", strerror(-r)); |
738 | ++ |
739 | ++ return EXIT_FAILURE; |
740 | ++ } |
741 | ++ |
742 | ++ return EXIT_SUCCESS; |
743 | ++} |
744 | +--- a/Makefile.in |
745 | ++++ b/Makefile.in |
746 | +@@ -17,6 +17,7 @@ |
747 | + top_srcdir=@top_srcdir@ |
748 | + abs_top_srcdir=@abs_top_srcdir@ |
749 | + abs_top_builddir=@abs_top_builddir@ |
750 | ++systemd_system_generator_dir=$(shell pkg-config --variable=systemd_system_generator_dir systemd) |
751 | + |
752 | + DESTDIR= |
753 | + VPATH=@srcdir@ |
754 | +@@ -69,7 +70,7 @@ |
755 | + |
756 | + .SUFFIXES: .lo |
757 | + |
758 | +-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) |
759 | ++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) sshd-socket-generator$(EXEEXT) |
760 | + |
761 | + XMSS_OBJS=\ |
762 | + ssh-xmss.o \ |
763 | +@@ -134,6 +135,16 @@ |
764 | + sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ |
765 | + sandbox-solaris.o uidswap.o $(SKOBJS) |
766 | + |
767 | ++SSHD_SOCKET_GEN_OBJS=sshd-socket-generator.o \ |
768 | ++ platform.o servconf.o groupaccess.o audit.o audit-linux.o \ |
769 | ++ auth2.o auth2-none.o auth2-gss.o \ |
770 | ++ auth2-passwd.o auth2-kbdint.o auth2-hostbased.o \ |
771 | ++ auth-options.o uidswap.o auth2-pubkey.o auth.o \ |
772 | ++ auth2-pubkeyfile.o auth-rhosts.o auth-passwd.o \ |
773 | ++ gss-serv.o auth2-chall.o auth-pam.o gss-serv-krb5.o \ |
774 | ++ loginrec.o auth-krb5.o auth-shadow.o \ |
775 | ++ monitor.o monitor_wrap.o |
776 | ++ |
777 | + SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o |
778 | + |
779 | + SCP_OBJS= scp.o progressmeter.o $(SFTP_CLIENT_OBJS) |
780 | +@@ -210,6 +221,9 @@ |
781 | + sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) |
782 | + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) |
783 | + |
784 | ++sshd-socket-generator$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHD_SOCKET_GEN_OBJS) |
785 | ++ $(LD) -o $@ $(SSHD_SOCKET_GEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) |
786 | ++ |
787 | + scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS) |
788 | + $(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
789 | + |
790 | +@@ -392,6 +406,7 @@ |
791 | + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 |
792 | + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 |
793 | + $(MKDIR_P) $(DESTDIR)$(libexecdir) |
794 | ++ $(MKDIR_P) $(DESTDIR)$(systemd_system_generator_dir) |
795 | + $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) |
796 | + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) |
797 | + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) |
798 | +@@ -421,6 +436,7 @@ |
799 | + $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
800 | + $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
801 | + $(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8 |
802 | ++ $(INSTALL) -m 0755 $(STRIP_OPT) sshd-socket-generator$(EXEEXT) $(DESTDIR)$(systemd_system_generator_dir)/sshd-socket-generator$(EXEEXT) |
803 | + |
804 | + install-sysconf: |
805 | + $(MKDIR_P) $(DESTDIR)$(sysconfdir) |
806 | +@@ -478,6 +494,7 @@ |
807 | + -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
808 | + -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
809 | + -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
810 | ++ -rm -f $(DESTDIR)$(systemd_system_generator_dir)/sshd-socket-generator$(EXEEXT) |
811 | + -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
812 | + -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) |
813 | + -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) |
814 | diff --git a/debian/po/cs.po b/debian/po/cs.po |
815 | index 21b4c7b..d01e0ff 100644 |
816 | --- a/debian/po/cs.po |
817 | +++ b/debian/po/cs.po |
818 | @@ -7,7 +7,7 @@ msgid "" |
819 | msgstr "" |
820 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
821 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
822 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
823 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
824 | "PO-Revision-Date: 2014-06-12 12:25+0200\n" |
825 | "Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n" |
826 | "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" |
827 | @@ -53,28 +53,3 @@ msgstr "" |
828 | "poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se " |
829 | "přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby " |
830 | "byste měli provést pouze pokud ověřování heslem potřebujete." |
831 | - |
832 | -#. Type: error |
833 | -#. Description |
834 | -#: ../openssh-server.templates:3001 |
835 | -msgid "Not migrating to socket activation" |
836 | -msgstr "" |
837 | - |
838 | -#. Type: error |
839 | -#. Description |
840 | -#: ../openssh-server.templates:3001 |
841 | -msgid "" |
842 | -"This version of openssh-server uses socket-based activation by default. " |
843 | -"However, because you have more than one ListenAddress configured in " |
844 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
845 | -"to socket-based activation would cause the starting of sshd at boot to be " |
846 | -"unreliable." |
847 | -msgstr "" |
848 | - |
849 | -#. Type: error |
850 | -#. Description |
851 | -#: ../openssh-server.templates:3001 |
852 | -msgid "" |
853 | -"Because a failure to start ssh may make it impossible to admininister a " |
854 | -"system, you will not be migrated to socket-based activation at this time." |
855 | -msgstr "" |
856 | diff --git a/debian/po/da.po b/debian/po/da.po |
857 | index a08ca3b..70d576d 100644 |
858 | --- a/debian/po/da.po |
859 | +++ b/debian/po/da.po |
860 | @@ -7,7 +7,7 @@ msgid "" |
861 | msgstr "" |
862 | "Project-Id-Version: openssh\n" |
863 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
864 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
865 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
866 | "PO-Revision-Date: 2014-03-21 23:51+0200\n" |
867 | "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" |
868 | "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n" |
869 | @@ -53,28 +53,3 @@ msgstr "" |
870 | "Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH " |
871 | "som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, " |
872 | "hvis du ikke har brug for dette." |
873 | - |
874 | -#. Type: error |
875 | -#. Description |
876 | -#: ../openssh-server.templates:3001 |
877 | -msgid "Not migrating to socket activation" |
878 | -msgstr "" |
879 | - |
880 | -#. Type: error |
881 | -#. Description |
882 | -#: ../openssh-server.templates:3001 |
883 | -msgid "" |
884 | -"This version of openssh-server uses socket-based activation by default. " |
885 | -"However, because you have more than one ListenAddress configured in " |
886 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
887 | -"to socket-based activation would cause the starting of sshd at boot to be " |
888 | -"unreliable." |
889 | -msgstr "" |
890 | - |
891 | -#. Type: error |
892 | -#. Description |
893 | -#: ../openssh-server.templates:3001 |
894 | -msgid "" |
895 | -"Because a failure to start ssh may make it impossible to admininister a " |
896 | -"system, you will not be migrated to socket-based activation at this time." |
897 | -msgstr "" |
898 | diff --git a/debian/po/de.po b/debian/po/de.po |
899 | index 2536ea4..ecba54b 100644 |
900 | --- a/debian/po/de.po |
901 | +++ b/debian/po/de.po |
902 | @@ -8,7 +8,7 @@ msgid "" |
903 | msgstr "" |
904 | "Project-Id-Version: openssh_1:6.6p1-1\n" |
905 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
906 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
907 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
908 | "PO-Revision-Date: 2014-03-24 22:21+0100\n" |
909 | "Last-Translator: Stephan Beck <sbeck@mailbox.org>\n" |
910 | "Language-Team: Debian German translation team <debian-l10n-german@lists." |
911 | @@ -59,28 +59,3 @@ msgstr "" |
912 | "in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter " |
913 | "Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese " |
914 | "Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können." |
915 | - |
916 | -#. Type: error |
917 | -#. Description |
918 | -#: ../openssh-server.templates:3001 |
919 | -msgid "Not migrating to socket activation" |
920 | -msgstr "" |
921 | - |
922 | -#. Type: error |
923 | -#. Description |
924 | -#: ../openssh-server.templates:3001 |
925 | -msgid "" |
926 | -"This version of openssh-server uses socket-based activation by default. " |
927 | -"However, because you have more than one ListenAddress configured in " |
928 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
929 | -"to socket-based activation would cause the starting of sshd at boot to be " |
930 | -"unreliable." |
931 | -msgstr "" |
932 | - |
933 | -#. Type: error |
934 | -#. Description |
935 | -#: ../openssh-server.templates:3001 |
936 | -msgid "" |
937 | -"Because a failure to start ssh may make it impossible to admininister a " |
938 | -"system, you will not be migrated to socket-based activation at this time." |
939 | -msgstr "" |
940 | diff --git a/debian/po/es.po b/debian/po/es.po |
941 | index 14550d6..de8a67a 100644 |
942 | --- a/debian/po/es.po |
943 | +++ b/debian/po/es.po |
944 | @@ -28,7 +28,7 @@ msgid "" |
945 | msgstr "" |
946 | "Project-Id-Version: openssh\n" |
947 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
948 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
949 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
950 | "PO-Revision-Date: 2014-03-23 20:43-0300\n" |
951 | "Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n" |
952 | "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n" |
953 | @@ -78,28 +78,3 @@ msgstr "" |
954 | "configuración permite que el usuario root inicie sesión a través de SSH " |
955 | "utilizando una contraseña. Sólo debería realizar este cambio si no necesita " |
956 | "este comportamiento." |
957 | - |
958 | -#. Type: error |
959 | -#. Description |
960 | -#: ../openssh-server.templates:3001 |
961 | -msgid "Not migrating to socket activation" |
962 | -msgstr "" |
963 | - |
964 | -#. Type: error |
965 | -#. Description |
966 | -#: ../openssh-server.templates:3001 |
967 | -msgid "" |
968 | -"This version of openssh-server uses socket-based activation by default. " |
969 | -"However, because you have more than one ListenAddress configured in " |
970 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
971 | -"to socket-based activation would cause the starting of sshd at boot to be " |
972 | -"unreliable." |
973 | -msgstr "" |
974 | - |
975 | -#. Type: error |
976 | -#. Description |
977 | -#: ../openssh-server.templates:3001 |
978 | -msgid "" |
979 | -"Because a failure to start ssh may make it impossible to admininister a " |
980 | -"system, you will not be migrated to socket-based activation at this time." |
981 | -msgstr "" |
982 | diff --git a/debian/po/fr.po b/debian/po/fr.po |
983 | index 7d7093b..f7125e9 100644 |
984 | --- a/debian/po/fr.po |
985 | +++ b/debian/po/fr.po |
986 | @@ -7,7 +7,7 @@ msgid "" |
987 | msgstr "" |
988 | "Project-Id-Version: openssh_1:6.5p1-6\n" |
989 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
990 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
991 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
992 | "PO-Revision-Date: 2014-03-22 08:26+0100\n" |
993 | "Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n" |
994 | "Language-Team: French <debian-l10n-french@lists.debian.org>\n" |
995 | @@ -57,28 +57,3 @@ msgstr "" |
996 | "inutilisables les systèmes reposant sur la possibilité de se connecter au " |
997 | "compte « root » par SSH avec authentification par mot de passe. Vous ne " |
998 | "devriez appliquer cette modification que si ce n’est pas votre cas." |
999 | - |
1000 | -#. Type: error |
1001 | -#. Description |
1002 | -#: ../openssh-server.templates:3001 |
1003 | -msgid "Not migrating to socket activation" |
1004 | -msgstr "" |
1005 | - |
1006 | -#. Type: error |
1007 | -#. Description |
1008 | -#: ../openssh-server.templates:3001 |
1009 | -msgid "" |
1010 | -"This version of openssh-server uses socket-based activation by default. " |
1011 | -"However, because you have more than one ListenAddress configured in " |
1012 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1013 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1014 | -"unreliable." |
1015 | -msgstr "" |
1016 | - |
1017 | -#. Type: error |
1018 | -#. Description |
1019 | -#: ../openssh-server.templates:3001 |
1020 | -msgid "" |
1021 | -"Because a failure to start ssh may make it impossible to admininister a " |
1022 | -"system, you will not be migrated to socket-based activation at this time." |
1023 | -msgstr "" |
1024 | diff --git a/debian/po/it.po b/debian/po/it.po |
1025 | index 5390795..dd71060 100644 |
1026 | --- a/debian/po/it.po |
1027 | +++ b/debian/po/it.po |
1028 | @@ -6,7 +6,7 @@ msgid "" |
1029 | msgstr "" |
1030 | "Project-Id-Version: openssh\n" |
1031 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1032 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1033 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1034 | "PO-Revision-Date: 2014-03-28 11:12+0200\n" |
1035 | "Last-Translator: Beatrice Torracca <beatricet@libero.it>\n" |
1036 | "Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n" |
1037 | @@ -56,28 +56,3 @@ msgstr "" |
1038 | "impostati facendo affidamento sulla possibilità di autenticazione SSH come " |
1039 | "root usando la password. Si dovrebbe fare questo cambiamento solo se non si " |
1040 | "ha bisogno di tale comportamento." |
1041 | - |
1042 | -#. Type: error |
1043 | -#. Description |
1044 | -#: ../openssh-server.templates:3001 |
1045 | -msgid "Not migrating to socket activation" |
1046 | -msgstr "" |
1047 | - |
1048 | -#. Type: error |
1049 | -#. Description |
1050 | -#: ../openssh-server.templates:3001 |
1051 | -msgid "" |
1052 | -"This version of openssh-server uses socket-based activation by default. " |
1053 | -"However, because you have more than one ListenAddress configured in " |
1054 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1055 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1056 | -"unreliable." |
1057 | -msgstr "" |
1058 | - |
1059 | -#. Type: error |
1060 | -#. Description |
1061 | -#: ../openssh-server.templates:3001 |
1062 | -msgid "" |
1063 | -"Because a failure to start ssh may make it impossible to admininister a " |
1064 | -"system, you will not be migrated to socket-based activation at this time." |
1065 | -msgstr "" |
1066 | diff --git a/debian/po/ja.po b/debian/po/ja.po |
1067 | index b48d281..db382f1 100644 |
1068 | --- a/debian/po/ja.po |
1069 | +++ b/debian/po/ja.po |
1070 | @@ -7,7 +7,7 @@ msgid "" |
1071 | msgstr "" |
1072 | "Project-Id-Version: openssh\n" |
1073 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1074 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1075 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1076 | "PO-Revision-Date: 2014-03-20 11:06+0900\n" |
1077 | "Last-Translator: victory <victory.deb@gmail.com>\n" |
1078 | "Language-Team: Japanese <debian-japanese@lists.debian.org>\n" |
1079 | @@ -53,28 +53,3 @@ msgstr "" |
1080 | "ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し" |
1081 | "たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ" |
1082 | "この変更を行うようにしてください。" |
1083 | - |
1084 | -#. Type: error |
1085 | -#. Description |
1086 | -#: ../openssh-server.templates:3001 |
1087 | -msgid "Not migrating to socket activation" |
1088 | -msgstr "" |
1089 | - |
1090 | -#. Type: error |
1091 | -#. Description |
1092 | -#: ../openssh-server.templates:3001 |
1093 | -msgid "" |
1094 | -"This version of openssh-server uses socket-based activation by default. " |
1095 | -"However, because you have more than one ListenAddress configured in " |
1096 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1097 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1098 | -"unreliable." |
1099 | -msgstr "" |
1100 | - |
1101 | -#. Type: error |
1102 | -#. Description |
1103 | -#: ../openssh-server.templates:3001 |
1104 | -msgid "" |
1105 | -"Because a failure to start ssh may make it impossible to admininister a " |
1106 | -"system, you will not be migrated to socket-based activation at this time." |
1107 | -msgstr "" |
1108 | diff --git a/debian/po/nl.po b/debian/po/nl.po |
1109 | index eca9662..3afd617 100644 |
1110 | --- a/debian/po/nl.po |
1111 | +++ b/debian/po/nl.po |
1112 | @@ -7,7 +7,7 @@ msgid "" |
1113 | msgstr "" |
1114 | "Project-Id-Version: openssh\n" |
1115 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1116 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1117 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1118 | "PO-Revision-Date: 2014-10-03 23:54+0200\n" |
1119 | "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n" |
1120 | "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n" |
1121 | @@ -58,28 +58,3 @@ msgstr "" |
1122 | "ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan " |
1123 | "gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet " |
1124 | "nodig heeft, zou u deze wijziging kunnen doorvoeren." |
1125 | - |
1126 | -#. Type: error |
1127 | -#. Description |
1128 | -#: ../openssh-server.templates:3001 |
1129 | -msgid "Not migrating to socket activation" |
1130 | -msgstr "" |
1131 | - |
1132 | -#. Type: error |
1133 | -#. Description |
1134 | -#: ../openssh-server.templates:3001 |
1135 | -msgid "" |
1136 | -"This version of openssh-server uses socket-based activation by default. " |
1137 | -"However, because you have more than one ListenAddress configured in " |
1138 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1139 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1140 | -"unreliable." |
1141 | -msgstr "" |
1142 | - |
1143 | -#. Type: error |
1144 | -#. Description |
1145 | -#: ../openssh-server.templates:3001 |
1146 | -msgid "" |
1147 | -"Because a failure to start ssh may make it impossible to admininister a " |
1148 | -"system, you will not be migrated to socket-based activation at this time." |
1149 | -msgstr "" |
1150 | diff --git a/debian/po/pt.po b/debian/po/pt.po |
1151 | index 8f51af9..2dab84c 100644 |
1152 | --- a/debian/po/pt.po |
1153 | +++ b/debian/po/pt.po |
1154 | @@ -7,7 +7,7 @@ msgid "" |
1155 | msgstr "" |
1156 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
1157 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1158 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1159 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1160 | "PO-Revision-Date: 2014-03-21 21:13+0000\n" |
1161 | "Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n" |
1162 | "Language-Team: Portuguese <traduz@debianpt.org>\n" |
1163 | @@ -57,28 +57,3 @@ msgstr "" |
1164 | "configurados com a expectativa de serem capazes de SSH como root usando " |
1165 | "autenticação por palavra-passe. Apenas deverá fazer esta alteração se não " |
1166 | "precisa de tal método de autenticação." |
1167 | - |
1168 | -#. Type: error |
1169 | -#. Description |
1170 | -#: ../openssh-server.templates:3001 |
1171 | -msgid "Not migrating to socket activation" |
1172 | -msgstr "" |
1173 | - |
1174 | -#. Type: error |
1175 | -#. Description |
1176 | -#: ../openssh-server.templates:3001 |
1177 | -msgid "" |
1178 | -"This version of openssh-server uses socket-based activation by default. " |
1179 | -"However, because you have more than one ListenAddress configured in " |
1180 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1181 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1182 | -"unreliable." |
1183 | -msgstr "" |
1184 | - |
1185 | -#. Type: error |
1186 | -#. Description |
1187 | -#: ../openssh-server.templates:3001 |
1188 | -msgid "" |
1189 | -"Because a failure to start ssh may make it impossible to admininister a " |
1190 | -"system, you will not be migrated to socket-based activation at this time." |
1191 | -msgstr "" |
1192 | diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po |
1193 | index 98856bb..99b1182 100644 |
1194 | --- a/debian/po/pt_BR.po |
1195 | +++ b/debian/po/pt_BR.po |
1196 | @@ -8,7 +8,7 @@ msgid "" |
1197 | msgstr "" |
1198 | "Project-Id-Version: openssh\n" |
1199 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1200 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1201 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1202 | "PO-Revision-Date: 2014-11-23 23:49-0200\n" |
1203 | "Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n" |
1204 | "Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." |
1205 | @@ -55,28 +55,3 @@ msgstr "" |
1206 | "Entretanto, ela pode quebrar sistemas que foram configurados com a " |
1207 | "expectativa de acesso SSH com root usando autenticação por senha. Você deve " |
1208 | "fazer esta mudança somente se você não precisa fazer isso." |
1209 | - |
1210 | -#. Type: error |
1211 | -#. Description |
1212 | -#: ../openssh-server.templates:3001 |
1213 | -msgid "Not migrating to socket activation" |
1214 | -msgstr "" |
1215 | - |
1216 | -#. Type: error |
1217 | -#. Description |
1218 | -#: ../openssh-server.templates:3001 |
1219 | -msgid "" |
1220 | -"This version of openssh-server uses socket-based activation by default. " |
1221 | -"However, because you have more than one ListenAddress configured in " |
1222 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1223 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1224 | -"unreliable." |
1225 | -msgstr "" |
1226 | - |
1227 | -#. Type: error |
1228 | -#. Description |
1229 | -#: ../openssh-server.templates:3001 |
1230 | -msgid "" |
1231 | -"Because a failure to start ssh may make it impossible to admininister a " |
1232 | -"system, you will not be migrated to socket-based activation at this time." |
1233 | -msgstr "" |
1234 | diff --git a/debian/po/ru.po b/debian/po/ru.po |
1235 | index 3fa193c..f2e1daf 100644 |
1236 | --- a/debian/po/ru.po |
1237 | +++ b/debian/po/ru.po |
1238 | @@ -6,7 +6,7 @@ msgid "" |
1239 | msgstr "" |
1240 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
1241 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1242 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1243 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1244 | "PO-Revision-Date: 2014-03-22 10:04+0400\n" |
1245 | "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" |
1246 | "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" |
1247 | @@ -14,8 +14,8 @@ msgstr "" |
1248 | "MIME-Version: 1.0\n" |
1249 | "Content-Type: text/plain; charset=UTF-8\n" |
1250 | "Content-Transfer-Encoding: 8bit\n" |
1251 | -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " |
1252 | -"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" |
1253 | +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" |
1254 | +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" |
1255 | "X-Generator: Lokalize 1.4\n" |
1256 | |
1257 | #. Type: boolean |
1258 | @@ -55,28 +55,3 @@ msgstr "" |
1259 | "атак). Однако, это вредит системам, в которых специально настроен вход для " |
1260 | "root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте " |
1261 | "утвердительно." |
1262 | - |
1263 | -#. Type: error |
1264 | -#. Description |
1265 | -#: ../openssh-server.templates:3001 |
1266 | -msgid "Not migrating to socket activation" |
1267 | -msgstr "" |
1268 | - |
1269 | -#. Type: error |
1270 | -#. Description |
1271 | -#: ../openssh-server.templates:3001 |
1272 | -msgid "" |
1273 | -"This version of openssh-server uses socket-based activation by default. " |
1274 | -"However, because you have more than one ListenAddress configured in " |
1275 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1276 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1277 | -"unreliable." |
1278 | -msgstr "" |
1279 | - |
1280 | -#. Type: error |
1281 | -#. Description |
1282 | -#: ../openssh-server.templates:3001 |
1283 | -msgid "" |
1284 | -"Because a failure to start ssh may make it impossible to admininister a " |
1285 | -"system, you will not be migrated to socket-based activation at this time." |
1286 | -msgstr "" |
1287 | diff --git a/debian/po/sv.po b/debian/po/sv.po |
1288 | index 296e611..278b0cc 100644 |
1289 | --- a/debian/po/sv.po |
1290 | +++ b/debian/po/sv.po |
1291 | @@ -8,7 +8,7 @@ msgid "" |
1292 | msgstr "" |
1293 | "Project-Id-Version: openssh\n" |
1294 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1295 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1296 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1297 | "PO-Revision-Date: 2014-03-21 21:36+0100\n" |
1298 | "Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n" |
1299 | "Language-Team: Swedish\n" |
1300 | @@ -56,28 +56,3 @@ msgstr "" |
1301 | "sådana angrepp). Dock så kan detta förstöra system som förväntas kunna " |
1302 | "använda SSH som root med hjälp av lösenordsautentisering. Du skall endast " |
1303 | "göra denna förändring om du inte har ett behov av att kunna göra detta." |
1304 | - |
1305 | -#. Type: error |
1306 | -#. Description |
1307 | -#: ../openssh-server.templates:3001 |
1308 | -msgid "Not migrating to socket activation" |
1309 | -msgstr "" |
1310 | - |
1311 | -#. Type: error |
1312 | -#. Description |
1313 | -#: ../openssh-server.templates:3001 |
1314 | -msgid "" |
1315 | -"This version of openssh-server uses socket-based activation by default. " |
1316 | -"However, because you have more than one ListenAddress configured in " |
1317 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1318 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1319 | -"unreliable." |
1320 | -msgstr "" |
1321 | - |
1322 | -#. Type: error |
1323 | -#. Description |
1324 | -#: ../openssh-server.templates:3001 |
1325 | -msgid "" |
1326 | -"Because a failure to start ssh may make it impossible to admininister a " |
1327 | -"system, you will not be migrated to socket-based activation at this time." |
1328 | -msgstr "" |
1329 | diff --git a/debian/po/templates.pot b/debian/po/templates.pot |
1330 | index c9dc5ba..47c9e36 100644 |
1331 | --- a/debian/po/templates.pot |
1332 | +++ b/debian/po/templates.pot |
1333 | @@ -1,6 +1,6 @@ |
1334 | # SOME DESCRIPTIVE TITLE. |
1335 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER |
1336 | -# This file is distributed under the same license as the openssh package. |
1337 | +# This file is distributed under the same license as the PACKAGE package. |
1338 | # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. |
1339 | # |
1340 | #, fuzzy |
1341 | @@ -8,7 +8,7 @@ msgid "" |
1342 | msgstr "" |
1343 | "Project-Id-Version: openssh\n" |
1344 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1345 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1346 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1347 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" |
1348 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" |
1349 | "Language-Team: LANGUAGE <LL@li.org>\n" |
1350 | @@ -44,28 +44,3 @@ msgid "" |
1351 | "able to SSH as root using password authentication. You should only make this " |
1352 | "change if you do not need to do that." |
1353 | msgstr "" |
1354 | - |
1355 | -#. Type: error |
1356 | -#. Description |
1357 | -#: ../openssh-server.templates:3001 |
1358 | -msgid "Not migrating to socket activation" |
1359 | -msgstr "" |
1360 | - |
1361 | -#. Type: error |
1362 | -#. Description |
1363 | -#: ../openssh-server.templates:3001 |
1364 | -msgid "" |
1365 | -"This version of openssh-server uses socket-based activation by default. " |
1366 | -"However, because you have more than one ListenAddress configured in " |
1367 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1368 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1369 | -"unreliable." |
1370 | -msgstr "" |
1371 | - |
1372 | -#. Type: error |
1373 | -#. Description |
1374 | -#: ../openssh-server.templates:3001 |
1375 | -msgid "" |
1376 | -"Because a failure to start ssh may make it impossible to admininister a " |
1377 | -"system, you will not be migrated to socket-based activation at this time." |
1378 | -msgstr "" |
1379 | diff --git a/debian/po/tr.po b/debian/po/tr.po |
1380 | index fd6bde5..1ada041 100644 |
1381 | --- a/debian/po/tr.po |
1382 | +++ b/debian/po/tr.po |
1383 | @@ -7,15 +7,15 @@ msgid "" |
1384 | msgstr "" |
1385 | "Project-Id-Version: openssh-server\n" |
1386 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1387 | -"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1388 | +"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1389 | "PO-Revision-Date: 2014-08-01 14:44+0200\n" |
1390 | "Last-Translator: Mert Dirik <mertdirik@gmail.com>\n" |
1391 | "Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n" |
1392 | -"Language: tr\n" |
1393 | "MIME-Version: 1.0\n" |
1394 | "Content-Type: text/plain; charset=UTF-8\n" |
1395 | "Content-Transfer-Encoding: 8bit\n" |
1396 | "X-Generator: Poedit 1.5.4\n" |
1397 | +"Language: tr\n" |
1398 | |
1399 | #. Type: boolean |
1400 | #. Description |
1401 | @@ -56,28 +56,3 @@ msgstr "" |
1402 | "parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden " |
1403 | "sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu " |
1404 | "değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın." |
1405 | - |
1406 | -#. Type: error |
1407 | -#. Description |
1408 | -#: ../openssh-server.templates:3001 |
1409 | -msgid "Not migrating to socket activation" |
1410 | -msgstr "" |
1411 | - |
1412 | -#. Type: error |
1413 | -#. Description |
1414 | -#: ../openssh-server.templates:3001 |
1415 | -msgid "" |
1416 | -"This version of openssh-server uses socket-based activation by default. " |
1417 | -"However, because you have more than one ListenAddress configured in " |
1418 | -"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1419 | -"to socket-based activation would cause the starting of sshd at boot to be " |
1420 | -"unreliable." |
1421 | -msgstr "" |
1422 | - |
1423 | -#. Type: error |
1424 | -#. Description |
1425 | -#: ../openssh-server.templates:3001 |
1426 | -msgid "" |
1427 | -"Because a failure to start ssh may make it impossible to admininister a " |
1428 | -"system, you will not be migrated to socket-based activation at this time." |
1429 | -msgstr "" |
1430 | diff --git a/debian/rules b/debian/rules |
1431 | index dff4713..54d82cb 100755 |
1432 | --- a/debian/rules |
1433 | +++ b/debian/rules |
1434 | @@ -1,6 +1,6 @@ |
1435 | #!/usr/bin/make -f |
1436 | |
1437 | -export DEB_BUILD_MAINT_OPTIONS := hardening=+all |
1438 | +export DEB_BUILD_MAINT_OPTIONS := hardening=+all optimize=+lto |
1439 | |
1440 | include /usr/share/dpkg/default.mk |
1441 | |
1442 | diff --git a/debian/systemd/ssh.socket b/debian/systemd/ssh.socket |
1443 | index 1de1280..69e93a0 100644 |
1444 | --- a/debian/systemd/ssh.socket |
1445 | +++ b/debian/systemd/ssh.socket |
1446 | @@ -1,11 +1,13 @@ |
1447 | [Unit] |
1448 | Description=OpenBSD Secure Shell server socket |
1449 | -Before=sockets.target |
1450 | +Before=sockets.target ssh.service |
1451 | ConditionPathExists=!/etc/ssh/sshd_not_to_be_run |
1452 | |
1453 | [Socket] |
1454 | ListenStream=22 |
1455 | Accept=no |
1456 | +FreeBind=yes |
1457 | |
1458 | [Install] |
1459 | WantedBy=sockets.target |
1460 | +RequiredBy=ssh.service |
1461 | diff --git a/debian/tests/control b/debian/tests/control |
1462 | index adef04c..dd8069d 100644 |
1463 | --- a/debian/tests/control |
1464 | +++ b/debian/tests/control |
1465 | @@ -15,3 +15,9 @@ Restrictions: needs-root allow-stderr |
1466 | Depends: openssh-client, |
1467 | openssh-server, |
1468 | systemd, |
1469 | + |
1470 | +Tests: sshd-socket-generator |
1471 | +Restrictions: needs-root allow-stderr |
1472 | +Depends: openssh-client, |
1473 | + openssh-server, |
1474 | + systemd, |
1475 | diff --git a/debian/tests/sshd-socket-generator b/debian/tests/sshd-socket-generator |
1476 | new file mode 100644 |
1477 | index 0000000..da6b4d6 |
1478 | --- /dev/null |
1479 | +++ b/debian/tests/sshd-socket-generator |
1480 | @@ -0,0 +1,105 @@ |
1481 | +#!/bin/bash |
1482 | + |
1483 | +test_default() ( |
1484 | + set -xeuo pipefail |
1485 | + |
1486 | + /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir" |
1487 | + |
1488 | + # Nothing should be generated in this case. |
1489 | + test ! -e "$testdir/ssh.socket.d" |
1490 | +) |
1491 | + |
1492 | +test_custom_port() ( |
1493 | + set -xeuo pipefail |
1494 | + |
1495 | + echo "Port 1234" >> "$testconf" |
1496 | + |
1497 | + /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir" |
1498 | + |
1499 | + grep -q "^ListenStream=1234" "$socket_override" |
1500 | +) |
1501 | + |
1502 | +test_mutiple_custom_ports() ( |
1503 | + set -xeuo pipefail |
1504 | + |
1505 | + echo "Port 1234" >> "$testconf" |
1506 | + echo "Port 4321" >> "$testconf" |
1507 | + |
1508 | + /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir" |
1509 | + |
1510 | + grep -q "^ListenStream=1234" "$socket_override" |
1511 | + grep -q "^ListenStream=4321" "$socket_override" |
1512 | +) |
1513 | + |
1514 | +test_custom_listenaddress() ( |
1515 | + set -xeuo pipefail |
1516 | + |
1517 | + echo "ListenAddress 10.1.2.3" >> "$testconf" |
1518 | + |
1519 | + /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir" |
1520 | + |
1521 | + grep -q "^ListenStream=10.1.2.3:22" "$socket_override" |
1522 | +) |
1523 | + |
1524 | +test_custom_listenaddress_and_port() ( |
1525 | + set -xeuo pipefail |
1526 | + |
1527 | + echo "Port 1234" >> "$testconf" |
1528 | + echo "ListenAddress 10.1.2.3" >> "$testconf" |
1529 | + |
1530 | + /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir" |
1531 | + |
1532 | + grep -q "^ListenStream=10.1.2.3:1234" "$socket_override" |
1533 | +) |
1534 | + |
1535 | +test_custom_ipv6_listenaddress() ( |
1536 | + set -xeuo pipefail |
1537 | + |
1538 | + echo "ListenAddress 2001:db8:85a3::8a2e:370:7334" >> "$testconf" |
1539 | + |
1540 | + /usr/lib/systemd/system-generators/sshd-socket-generator "$testdir" |
1541 | + |
1542 | + grep -q "^ListenStream=\[2001:db8:85a3::8a2e:370:7334\]:22" "$socket_override" |
1543 | +) |
1544 | + |
1545 | +tmpdir="$(mktemp -d)" |
1546 | +testconf="/etc/ssh/sshd_config.d/test.conf" |
1547 | +failed= |
1548 | + |
1549 | +mkdir -p /etc/ssh/sshd_config.d |
1550 | + |
1551 | +for test_fn in \ |
1552 | + "test_default" \ |
1553 | + "test_custom_port" \ |
1554 | + "test_mutiple_custom_ports" \ |
1555 | + "test_custom_listenaddress" \ |
1556 | + "test_custom_listenaddress_and_port" \ |
1557 | + "test_custom_ipv6_listenaddress" |
1558 | +do |
1559 | + echo -n "$test_fn..." |
1560 | + |
1561 | + testdir="${tmpdir}/${test_fn}" |
1562 | + socket_override="${testdir}/ssh.socket.d/addresses.conf" |
1563 | + mkdir -p "$testdir" |
1564 | + |
1565 | + $test_fn > "${AUTOPKGTEST_ARTIFACTS}/${test_fn}.log" 2>&1 |
1566 | + if [[ $? -eq 0 ]]; then |
1567 | + echo "PASS" |
1568 | + else |
1569 | + echo "FAIL" |
1570 | + failed="${failed:+$failed }$test_fn" |
1571 | + fi |
1572 | + |
1573 | + >"$testconf" |
1574 | +done |
1575 | + |
1576 | +if [[ -n "$failed" ]]; then |
1577 | + for t in $failed; do |
1578 | + echo "--------------------------------------------" |
1579 | + echo "FAIL: $t" |
1580 | + echo "--------------------------------------------" |
1581 | + cat "${AUTOPKGTEST_ARTIFACTS}/${t}.log" |
1582 | + done |
1583 | + |
1584 | + exit 1 |
1585 | +fi |
Thanks for reviewing, Steve. Replied to inline comments.